LOCAL out of the box user accounts

nagaklv
Tera Contributor

‎10-22-2020 03:32 AM

Hi All,

What is best practice for managing user accounts are used by the system ? At minimum, I need to change the password every 90 days per our company's policy.

soap.guest

bm.scheduler

instance.sec.user

ml_report.user

sharedservice.worker

ml.admin

virtual.agent

 

Please suggest me on this 

 

Regards,

Nagesh

 

 

 

Labels:
0 Helpfuls
  • 1,128 Views
4 REPLIES 4

Kieran Anson
Kilo Patron

‎10-22-2020 04:21 AM

There isn't an OOB function for this. You'd likely need to:

  • Add a custom field to the sys_user table that identifies the password last set date
  • Modify the installation exit to trigger an event that then triggers a script action to modify this custom field for 90 days in future
  • Scheduled job run daily to check custom field where date is today and set the 'password needs resetting' to true.

If these are only web service accounts, have you looked into moving away from basic auth and to oAuth?

0 Helpfuls

nagaklv
Tera Contributor
In response to Kieran Anson

‎10-22-2020 07:59 AM

Hi Kieran,

 

Thanks for reply

could you please explain more about the point 2 and 3 , appreciated if you can provide any script related to this  

 

 

0 Helpfuls

Kieran Anson
Kilo Patron
In response to nagaklv

‎10-22-2020 01:23 PM

Create a custom date field on sys_user table.

Add a BR to the sys_user table with a condition of 'Password needs resetting CHANGESTO False'

(function executeRule(current, previous /*null when async*/) {

	// Add your code here
	
	var date = new GlideDate();
	date.addDaysLocalTime(90);
	current.u_password_change = date;
	gs.eventQueue('user.password.changed',current,date);
})(current, previous);

Then use a scheduled job or flow to find all records where u_password_change is today and set "password needs reset" to true.

var userGR = new GlideRecord('sys_user');
userGR.addEncodedQuery('u_password_changeONToday@javascript:gs.beginningOfToday()@javascript:gs.endOfToday()');
userGR.query();
while(userGR.next()){
	userGR.setValue('password_needs_reset','true');
	userGR.update();
}
0 Helpfuls

Appli
Mega Sage
Mega Sage

‎10-22-2020 01:56 PM

Hi Nagesh

Please consider implementing a password reset process where you will be able to specify required strength for passwords, lockout for failed logins, password auto-generation etc. and follow on password reset execution by checking password change log.

Thank you

 

Hope it helps
0 Helpfuls